Workflows in Dynamic and Restricted Delegation
2009 (English)In: 2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), New York: IEEE , 2009, 17-24 p.Conference paper (Refereed)
Delegation is a key facility in dynamic, distributed and collaborative environments like e rids and enables an effective use of a wide range of dynamic applications. Traditional delegation frameworks approach a top-down model of delegation for delegating rights from a superior to a subordinate in advance before a delegate starts off a delegated task. However, a top-down model of delegation cannot meet all the requirements of dynamic execution of distributed applications, as in such environments. required access rights for completing a task cannot easily be anticipated in advance. Delegating fewer rights than required for completing a task may cause the task execution to fail while delegating more rights than needed may threaten abuse by malicious parties. It is therefore reasonable and more robust to utilize a mechanism that allows determining and acquiring only required rights and credentials for completing a task, when they are needed. This is what we call an on-demand delegation framework, which realizes a bottom-up delegation model and provides a just-in-time acquisition of rights for a restricted and dynamic delegation. In this paper we elaborate the concept of bottom-up delegation and describe how an on-demand delegation framework can leverage workflows to meet the requirements of the least privileges principle. We also discuss the vital need for dynamic and adaptive scientific workflows to support an on-demand delegation framework. We present three different models or bottom-up delegation, which cover a wide range or usage scenarios in Grids and dynamic collaborative environments. Using a standard RBAC authorization model and a graph-based workflow model (DAG), we define and analyze a formal model of our proposed bottom-up delegation approach.
Place, publisher, year, edition, pages
New York: IEEE , 2009. 17-24 p.
Access rights, Authorization model, Collaborative environments, Distributed applications, Dynamic applications, Dynamic execution, Formal model, Graph-based, Just in time, Least privilege, On-Demand, Required rights, Scientific workflows, Task executions, Top down models, Usage scenarios, Work-flows, Workflow models, Management, Security of data
IdentifiersURN: urn:nbn:se:kth:diva-9933DOI: 10.1109/ARES.2009.92ISI: 000270612000003ScopusID: 2-s2.0-70349667785ISBN: 978-1-4244-3572-2OAI: oai:DiVA.org:kth-9933DiVA: diva2:159671
4th International Conference on Availability, Reliability and Security, Fukuoka Inst Technol, Fukuoka, JAPAN, MAR 16-19, 2009
QC 201006212009-02-092009-02-092011-02-24Bibliographically approved